Is there a filter to get all HTTP requests to certain domain? For example, all the HTTP requests whose "Host" header is like xxxx.mydomain.com. Thanks. asked 11 May '15, 10:25  pktUser1001 |
2 Answers:
What about this filter? (http.host == "xxx.mydomain.com") && (http.request.method == "GET") You can generate your own complex filters very easily. You only have to right click the value for what you are interested in the packet detail view and then you can either choose "prepare a filter" or "apply as a filter" in the context menu. answered 11 May '15, 14:08  Christian_R edited 11 May '15, 14:10 That's a good start, but the issue is, we don't know what are the possible host names are. xxx is a place holder. Thanks. (11 May '15, 14:11) pktUser1001 |
Use this display filter: http.host matches "mydomain\.com" This will match on "mydomain.com" anywhere in the http.host field. Because the matches operator uses regular expression syntax, you have to escape the period with a backslash. answered 11 May '15, 14:13  Jim Aragon Thanks, this is the best possibility so far. The corner cases are: To prevent xmydomain.com from being matched, we better use ".mydomain.com". However, that may miss http request to "mydomain.com". (11 May '15, 14:16) pktUser1001 Then I think this could work (http.host matches "\.mydomain\.com") || (http.host matches "^mydomain\.com") (11 May '15, 14:33) Christian_R
Matches:
If you only want the first two:
Regards Kurt (12 May '15, 04:45) Kurt Knochner ♦ |
Do you mean capture or display filters?
Yes. Don't think it's possible with capture filter, display filter is the best hope. Thanks.